vic102482Premium
join:2002-04-30
Upper Marlboro, MD Reviews:
 ·Verizon FiOS
| reply to bluebaron2
Re: People with fake keys can't protect from Sasser! said by bluebaron2:
said by vic102482:
Microsoft has no responsibility in this situation? I think not.
I think so. None. The thief is responsible for the damage they do with the stolen property.
To continue your BMW analogy, it is more like BMW deactivates the steering as soon as you steal the vehicle. If you then insist on continue driving the stolen vehicle without steering, how is that any body's fault but yours?
So what about what "B" said when unwitting users are sold stolen peices of software on ebay for instance?
Also since the OS is already in use and ON the internet when trying to update, the BMW should be in use and ON the FREEWAY when trying to steer. I think it is a perfect parallel comparison.
Deactivating as soon as being decteted as stolen means you shouldnt be able to login or have the OS function, but unfortunatly that is not the case.
Micorsoft made a very poor desision. What happens if a coporation cannot update their software because their key was stolen and is floating around the internet?
What is a systems administrator supposed to do? Some bastard employee could leak it to his friends, and now the whole coporation cannot patch their machiens.
Who is liable then?
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
 bluebaron2Stuff HappensPremium,Mod
join:2001-02-01
North of 44
Canadian Chat
| You're still missing it here vic. The people who stole the software knew when they stole it that they could not get updates and fixes, if they didn't then they were not only thieves but terminally stupid to boot.
The BMW thief knew at the onset that he wouldn't be able to steer the car ( BMW/Microsoft has not been shy in informing people that they do not support stolen property ) and he still took it out on the freeway. Just because it took him a little time before he crashed does not diminish his responsibility for the accident one iota.
--
bb2
Since I've given up hope I feel much better. |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:7 Reviews:
·Verizon FiOS
 ·Verizon Online DSL
| reply to vic102482
said by vic102482:
So what about what "B" said when unwitting users are sold stolen peices of software on ebay for instance?
Caveat emptor, of course. Don't buy things from sources whose reputation you are unsure of -- or if you do, complain to the thief who sold you the stolen thing, not the person from whom the thief stole the goods. |
|
vic102482Premium
join:2002-04-30
Upper Marlboro, MD Reviews:
·Verizon FiOS
1 edit | reply to bluebaron2
said by bluebaron2:
You're still missing it here vic. The people who stole the software knew when they stole it that they could not get updates and fixes, if they didn't then they were not only thieves but terminally stupid to boot.
The BMW thief knew at the onset that he wouldn't be able to steer the car ( BMW/Microsoft has not been shy in informing people that they do not support stolen property ) and he still took it out on the freeway. Just because it took him a little time before he crashed does not diminish his responsibility for the accident one iota.
Yes I agree(excellent argument), but in all honesty(I want your honest opinion:)), is that the wisest desicion that a corporation like microsoft should come to when trying to deal with piracy?
Shouldnt the car just not be allowed to start? IE windows being reverted back to the 30 day activation then lock period?
Isnt chaning it back to 30 day trial and then lock a better solution than denying updates?
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
 jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | said by vic102482:
. . . Shouldnt the car just not be allowed to start? IE windows being reverted back to the 30 day activation then lock period?
Isnt chan[g]ing it back to 30 day trial and then lock a better solution than denying updates?
Getting a bit confused by the word 'lock' in this instance. Are you really saying that Windows (probably XP) should be disabled (or perhaps rendered inoperable) or are you saying "No more updates"?
I mean, I like, your question about "Isn't there a better alternative?", but there are some logistical and legal issues with the first approach that are likely to raise havoc -- especially the first time someone with a legitimate copy of Windows gets wrongly locked out.
--
Regards, Joseph V. Morris |
|
bluebaron2Stuff HappensPremium,Mod
join:2001-02-01
North of 44 Host:
Canadian Chat
| reply to vic102482
We're probably taking this car anology way to far vic but here goes one more time. 
BMW did make the car not be able to start, you needed a key to get it going, the thief jumpered it to get past that built in anti-theft device. The Software thiefs bypassed the registration to make the software work, beyound the 30 day limit. M$ installed a anti-theft device in their software and now you are arguing that since the thiefs by-passed that one it's M$ fault that they didn't install another one. Bottom line don't steal software, if someone offers you software at a fraction of the retail cost, you damn well should know it's not legit. Don't want to get infected...go buy the legal operating system. Period.
--
bb2
Since I've given up hope I feel much better. |
|
1 edit | reply to dave
The problem with "faked" MS OS keys.... I find it pathetic that we have people who are complaining that Microsoft won't update their pirated software. Most likely they or someone they know have and USE such pirated software and they are PO'ed because now they have to shell out for software the rest of us have already LEGALLY paid for.
IMO - The USER is responsible for making informed decisions on purchasing and installing their software. This means that you better KNOW who you buy your software from and you better protect your licences like you'd protect your wallet and credit cards.
Remember the cardinal rule-- "If it sounds too good to be true, most likely it is [too good to be true]" |
|
vic102482Premium
join:2002-04-30
Upper Marlboro, MD Reviews:
·Verizon FiOS
| reply to jvmorris
Re: People with fake keys can't protect from Sasser! said by jvmorris:
said by vic102482:
. . . Shouldnt the car just not be allowed to start? IE windows being reverted back to the 30 day activation then lock period?
Isnt chan[g]ing it back to 30 day trial and then lock a better solution than denying updates?
Getting a bit confused by the word 'lock' in this instance. Are you really saying that Windows (probably XP) should be disabled (or perhaps rendered inoperable) or are you saying "No more updates"?
I mean, I like, your question about "Isn't there a better alternative?", but there are some logistical and legal issues with the first approach that are likely to raise havoc -- especially the first time someone with a legitimate copy of Windows gets wrongly locked out.
I mean locked as in, you just got the software.
If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now.
Is that a better alternative than blocking the updates?
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | said by vic102482:
. . . I mean locked as in, you just got the software.
If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now.
Okay, pardon me for being obtuse, but all My MS OS licenses have been legitimate, so I really have no idea what happens (especially with Win XP) if one fails to present a valid key within the 30-day interval.
quote:
Is that a better alternative than blocking the updates?
I'm having to be a bit presumptuous at this point, but I take your reply to mean that the system would then be inoperative (if the 30-day period expired without the insertion of a valid key).
This would be somewhat different from what I thought you might be advocating -- a 'self-help' function that Microsoft could use (remotely) to disable the OS (as proposed in the original UCITA draft legislation).
To answer your direct question, yes. I think that would be a better solution. We would not then having people (knowingly or unknowingly) running around with pirated copies of the OS and consequently being able to propagate worms, trojans, or viruses (if they'd taken the time to run the updates). If then they failed to enter a legitimate key, they would no longer be part of the vulnerable pool under any circumstances.
I gather that there are an incredible number of counterfeit MS OS licenses out there. No point in simply letting them become a source of infection for the rest of us (including the simply clueless who think of their PCs as being little different from their refrigerator).
--
Regards, Joseph V. Morris |
|
vic102482Premium
join:2002-04-30
Upper Marlboro, MD Reviews:
·Verizon FiOS
2 edits | said by jvmorris:
said by vic102482:
. . . I mean locked as in, you just got the software.
If you try to use a pirated key then it will revert back to the 30 day trial period and on the 30th day, ask you to present a real key or you will not be allowed to login, just as the software does now.
Okay, pardon me for being obtuse, but all My MS OS licenses have been legitimate, so I really have no idea what happens (especially with Win XP) if one fails to present a valid key within the 30-day interval.
quote:
Is that a better alternative than blocking the updates?
I'm having to be a bit presumptuous at this point, but I take your reply to mean that the system would then be inoperative (if the 30-day period expired without the insertion of a valid key).
This would be somewhat different from what I thought you might be advocating -- a 'self-help' function that Microsoft could use (remotely) to disable the OS (as proposed in the original UCITA draft legislation).
To answer your direct question, yes. I think that would be a better solution. We would not then having people (knowingly or unknowingly) running around with pirated copies of the OS and consequently being able to propagate worms, trojans, or viruses (if they'd taken the time to run the updates). If then they failed to enter a legitimate key, they would no longer be part of the vulnerable pool under any circumstances.
I gather that there are an incredible number of counterfeit MS OS licenses out there. No point in simply letting them become a source of infection for the rest of us (including the simply clueless who think of their PCs as being little different from their refrigerator).
Yeah it works just like norton. I have never seen it either on my machine, but I can tell what happens. Beofre I enter in my key code there is a 30 days remaining notification, then 20 days 15 etc. and when you get down to one the system will lock. You cant log in, when it boots it just sits there with a "Please Call Microsoft or Enter Keycode" screen. No access is given to the system what so ever.
If microsoft used windows updates to revert the system back to this mode (which is most certainly posssible) this method will not only ensure that pirated copys of XP are locked until a valid key is entered, but the virus propagtors are also removed from the internet pool so that they cannot do damage to other machines.
What sense does it make for Microsoft to allow them to use the software but not update it. Isnt what you are trying to accomplish the "removal" of bad software, IE steering wheel locking and the engine refusing to start when a car is broken into? Stop the problem at the door, lock it down restrict access and tell them to call Microsoft for assistance! Dont let them roam free with no updates allowing them to collect up malicious software and spread it onto other unsuspecting users.
Disabling updates is a foolish idea with so many commonsense alternatives available. Also in the long run, legetimate customers get burned. If someone stole your key youd have 30 days to call Microsoft vs. finding out you cant update when a new virus is on the itnernet. And in this case alot of the time with so many new viruses out people update during a breakout, not "just because", so alot of legitimate users who had their keys stolen or were sold stolen software will find out they cant update when its "too late".
Totally rediculous idea by Microsoft:(.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
 SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | Re: People with fake keys can't protect from Sasse At the MVP Summit, we asked them about this. They saw the point of allowing eveybody to upgrade (patching the dirtballs actually helps protect me), but ultimately it came down to: said by Microsoft guy:
There really should be benefits of ownership
I could go either way on this, but they do have a point.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
IGGYNo Guru Just Here To HelpPremium,MVM
join:2001-03-30
Chatham, IL | I think this is one of those you get what you pay for points. If you wish to do this or need to for economic reasons etc - you'd better either be able to beat the system or suffer the results of your actions.
I'm just not sure that these users would actually use the option if they had the choice. As I mentioned above - most users who have a valid license don't and obviously the pirated key users don't have basic security on there mind.
--
Test Your Security Team Z Member Cable Modem Diagnostics |
|
vic102482Premium
join:2002-04-30
Upper Marlboro, MD Reviews:
·Verizon FiOS
| reply to Steve
said by Steve:
At the MVP Summit, we asked them about this. They saw the point of allowing eveybody to upgrade (patching the dirtballs actually helps protect me), but ultimately it came down to: said by Microsoft guy:
There really should be benefits of ownership
I could go either way on this, but they do have a point.
That is a self defeating statement said by "Microsoft guy". If one of the "benefits" of ownership is protection, then why must I be bombarded by someone that cant update their own system? Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Who is really paying the price here is the question I have.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | said by vic102482:
Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Maybe you need a sense of perspective: my router turns them away, and I have no idea whether I've had 1 "attack" or a million. Why do you care how many?
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:7 Reviews:
·Verizon FiOS
·Verizon Online DSL
| reply to vic102482
said by vic102482:
Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Whereas, of course, if this thief could update his stolen software, he would thus cease to be a bad network citizen.
Got any proof of that conjecture? Or is it more likely that since he didn't give a rats arse about theft, he doesn't give a rats arse about the rest of us? |
|
|
|
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | reply to Steve
Well, Steve, I can sort of understand that, but still . . .
If MS is going to let you use software for 30 days without having submitted a legitimate key, (regardless of whether it was a legitimate purchase or a counterfeit copy), then it seems to me that -- just for the sake of the rest of us -- they should allow at least critical updates to be applied to the system in the interim. (Again, at this point I could care less whether the 'owner' is potentially legit or running a counterfeit copy.)
After that, the software gets disabled (I think their host-based notifications make that quite clear). At this point, it doesn't matter whether you've got a legitimate copy or a counterfeit copy. No ticket, no laundry -- seems simple enough to me.
Now, again, I'm not talking about some sort of (remote) self-help function, but rather the basic 30-day timer inherent in the software until such time as a valid key is entered. There is a little minor detail (gasp!) for people who actually buy a machine, but don't connect it to the Internet, but I think Microsoft provides an alternative means of handling that also, don't they?
--
Regards, Joseph V. Morris |
|
vic102482Premium
join:2002-04-30
Upper Marlboro, MD Reviews:
·Verizon FiOS
| reply to Steve
said by Steve:
said by vic102482:
Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Maybe you need a sense of perspective: my router turns them away, and I have no idea whether I've had 1 "attack" or a million. Why do you care how many?
Steve
My pix turns them away as well but what about all of the spam generated? How can I turn them away without using my bandwith to do so? Perhaps you can tell me of a product that can DNSBL on a cisco router because I surely would be interested;). It just took me 2 hours to delete my badmail directory. Ive had to setup a separate relay because of so much junkmail. A bunch of that crap follows back to Aldephia and Comcast IPs.
A router is just one perspective of this patching problem. Sasser is a worm, but there are many more viruses out there that exploit patches.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
 Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3
 ·Shaw
| reply to vic102482
said by vic102482:
That is a self defeating statement said by "Microsoft guy". If one of the "benefits" of ownership is protection, then why must I be bombarded by someone that cant update their own system? Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
They can update their stolen software by purchasing it, if they choose not to purchase it then they are choosing not to update it. How is that Microsoft's problem, as there exists a way for the user to update his OS, if they don't like that path, then that is their problem, not Microsoft's. One day no doubt there will be very malicious worm that will destroy infected systems, so problem solved (unfortunately a lot of license users will be creamed as well as they choose not to apply updates or have other security measures in place).
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
vic102482Premium
join:2002-04-30
Upper Marlboro, MD Reviews:
·Verizon FiOS
| reply to dave
said by dave:
said by vic102482:
Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Whereas, of course, if this thief could update his stolen software, he would thus cease to be a bad network citizen.
Got any proof of that conjecture? Or is it more likely that since he didn't give a rats arse about theft, he doesn't give a rats arse about the rest of us?
I think there are plenty of theives that would be pissed if their machines were infected. Just because you steal software doesnt mean you dont have anything worthwhile on it. PC gaming for example. Would someone with stolen windows XP and stolen unreal torunmaent want their computer all slowed down and randomly rebooting in the middle of their games?
I think how you got the software doesnt matter if you patch or not. Remember the guy on the front page that bought a new 2,000 dollar laptop because his old one was infected? I doubt with that much cash hed be stealing verisons of XP, but yet he didnt update his system.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
| reply to vic102482
said by vic102482:
That is a self defeating statement said by "Microsoft guy". If one of the "benefits" of ownership is protection, then why must I be bombarded by someone that cant update their own system? Should I recieve 10,000 Netsky viruses from teh same IP because someone cant update their stolen software?
Who is really paying the price here is the question I have.
Rather than lay the responsibility on Microsoft, why not lay the responsibility on the users and their ISP's? I believe most ISP's have a clause in their user agreements which states that the ISP can terminate a customer's service if that customer's connection/usage becomes detrimental to their network.
So if a person neglects to maintain their computer, have their ISP's shut them out of the internet. Of course, there is always a chance that the cheap-arsed, software pirate may simply be using a hacked commection to the internet and not paying for that either, so this solution would help the fiscal viability of both software manufacturers AND the ISPs.... |
|
